Managing AIX logs

The AIX Error Log facility is configured by default to write files just one megabyte in size. When the log fills up, it wraps around and overwrites existing entries. Therefore, you should set the size to at least 40MB. You can do this once for all nodes with the dsh command after the nodes are installed.

dsh -a /usr/lib/errdemon -s 40960000

AIX syslogd implementation of SYSLOG has built-in log rotation capabilities that are specified with optional fields after the log destination:

facility-level destination rotate size s  files n time t  compress archive path

For example:

*.emerg;*.alert;*.crit;*.warning /var/adm/messages  rotate files 4 time 7d compress

Strangely enough AIX does not provide any default syslog.conf  at all. But for syslogd activation it needs to exist. If you need standard entries you can borrow the file from Solaris. For example:

mail.debug                                              /var/adm/maillog
mail.none                                               /var/adm/maillog
auth.notice                                             /var/adm/authlog
lpr.debug                                               /var/adm/lpd-errs
kern.debug                                              /var/adm/messages
*.emerg;*.alert;*.crit;*.warning;*.err;*.notice;*.info  /var/adm/messages

Files referenced in syslog.conf need to exist, so you need to "touch" them.  After creating the files required,  you have to reload syslogd again before it will begin logging to the file. Like in Solaris,  you can use `kill -HUP <syslog_pid>` to reload syslog.conf (there is no pkill command in AIX), but remember that syslogd doesn't complain about a missing file and doesn't create the missing file either. To avoid searching to PID you can use refresh -s syslogd (or stopsrc -s syslogd && startsrc -s syslogd)

The next step is to arrange forwarding error messages to syslog.  To do that you need to created a file called, say,  /root/etc/aix_errd2syslogd.add. This file should contain the following statements:

errnotify:
en_pid = 0
en_name = "syslog"
en_persistenceflg = 1
en_crcid = 0
en_method = "errpt -l $1 | tail -1 | logger -t errpt -p daemon.notice"

After that you need to issued the command

odmadd /root/etc/aix_errd2syslogd.add

The above AIX ODM stanza causes the error daemon to forward the most recent line of the error report to the syslog.

http://www.softpanorama.org/Commercial_unixes/AIX/managing_aix_logs.shtml